Daily Blog #516: Forensic Lunch Test Kitchen 10/23/18 - Focus on RDP Brute Forcing Using Ncrack, Hydra, and Patator

By David Cowen, Hacking Exposed Computer Forensics Blog

Hello Reader,
We had another test kitchen tonight with a focus on RDP brute forcing Windows systems from Kali, attempting to use Ncrack, Hydra and Patator. We had mixed results, but here is what we learned:

  • Windows 10 RDP appears to not be compatible with Ncrack or Hydra. Neither could attempt to log in
  • Patator requires FreeRDP to be installed, which needs way more dependencies than I expected
  • Windows 7 RDP works as expected and Ncrack was able to generate failed logins
  • None of the testing we did got our remote workstation names to appear in the event logs. We tried native RDP from a Windows 10 VM, native RDP from a Windows 10 host, and Linux-based rdesktop along with Ncrack
  • The Terminal Services Remote Connection Manager log will record any attempted authentication as a success, even if the account does not exist
More testing tomorrow night to see if we can find out why we aren't getting remote workstation names as expected from the Microsoft Documentation. 
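
An added example, not from the original post: because the Remote Connection Manager log records every attempt as a success and workstation names were missing in testing, this Python example correlates those events with Security-log logon results by user name and time instead. Event IDs 1149, 4624 and 4625, the flattened record layout and the sample records are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

RCM_AUTH = 1149    # RemoteConnectionManager: "User authentication succeeded"
LOGON_OK = 4624    # Security: an account was successfully logged on
LOGON_FAIL = 4625  # Security: an account failed to log on

# Constructed sample records, flattened from exported event logs (assumed layout).
SAMPLE_EVENTS = [
    {"time": "2018-10-23T20:00:00", "id": 1149, "user": "admin", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:00:01", "id": 4625, "user": "admin", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:00:30", "id": 1149, "user": "admin", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:00:31", "id": 4625, "user": "admin", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:01:00", "id": 1149, "user": "Admin", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:01:01", "id": 4625, "user": "admin", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:01:30", "id": 1149, "user": "nosuchuser", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:01:31", "id": 4625, "user": "nosuchuser", "ip": "192.0.2.10"},
    {"time": "2018-10-23T20:05:00", "id": 1149, "user": "alice", "ip": "198.51.100.7"},
    {"time": "2018-10-23T20:05:02", "id": 4624, "user": "alice", "ip": "198.51.100.7"},
    {"time": "2018-10-23T20:10:00", "id": 1149, "user": "bob", "ip": "203.0.113.5"},
]

def classify_rcm_events(events, window=timedelta(seconds=5)):
    """Label each RCM event with the Security-log outcome for the same user
    within `window`. Workstation name is deliberately not used as a key."""
    parsed = [dict(e, time=datetime.fromisoformat(e["time"])) for e in events]
    security = [e for e in parsed if e["id"] in (LOGON_OK, LOGON_FAIL)]
    results = []
    for rcm in (e for e in parsed if e["id"] == RCM_AUTH):
        outcomes = {s["id"] for s in security
                    if s["user"].lower() == rcm["user"].lower()
                    and abs(s["time"] - rcm["time"]) <= window}
        if LOGON_OK in outcomes:
            verdict = "logon_confirmed"
        elif LOGON_FAIL in outcomes:
            verdict = "logon_failed"
        else:
            verdict = "unverified"  # RCM "success" with no Security-log evidence
        results.append((rcm["ip"], rcm["user"], verdict))
    return results

def suspected_brute_force(results, threshold=3):
    """Source IPs with at least `threshold` RCM events that never became a logon."""
    misses = Counter(ip for ip, _, verdict in results if verdict != "logon_confirmed")
    return sorted(ip for ip, count in misses.items() if count >= threshold)

if __name__ == "__main__":
    for row in classify_rcm_events(SAMPLE_EVENTS):
        print(row)
    print(suspected_brute_force(classify_rcm_events(SAMPLE_EVENTS)))
```

The fixed time window is a simplification: very fast guessing against one account can place a failed and a successful attempt inside the same window, so tighten it or pair events one-to-one for high-rate traffic.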

You can watch the video here:
